Paramiko processing of SSH_MSG_CHANNEL_EXTENDED_DATA

[nikaiw]

Are you using paramiko as a client or server?

Client

What feature(s) aren't working right?

SSH

What version(s) of paramiko are you using?

2.9.2

What version(s) of Python are you using?

3.10.12

What operating system and version are you using?

Ubuntu

If you're connecting as a client, which SSH server are you connecting to?

VShell® Server ( https://www.vandyke.com/products/vshell/index.html )

If you're using paramiko as part of another tool, which tool/version?

No response

Expected/desired behavior

Ability to get feedback on SSH_MSG_CHANNEL_EXTENDED_DATA and if possible handling of those error to keep the channel open.

Actual behavior

When connecting to an sshd server, SSH_MSG_CHANNEL_EXTENDED_DATA can be used to transmit error message. In case we sent an unknown command to Vshell sshd, paramiko will get an SSH_MSG_CHANNEL_EXTENDED_DATA followed by an SSH_MSG_CHANNEL_FAILURE resulting in paramiko sending EOF, closing the channel and preventing further command processing.

Currently, there doesn't seems to be a way to get more details on the SSH_MSG_CHANNEL_EXTENDED_DATA or to handle it to send other command after.

How to reproduce

using this script to connect on an sshd such as VShell® Server

import paramiko
import logging
logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger("paramiko")
logger.setLevel(logging.DEBUG)

def ssh_command(hostname, port, username, password, command):
    client = paramiko.SSHClient()
    try:
        client.connect(hostname, port=port, username=username, password=password,look_for_keys=False, allow_agent=False)
        print(f"execute {command}")
        stdin, stdout, stderr = client.exec_command(command, get_pty=True)
        output = stdout.read().decode()
        print(output)
        stdin, stdout, stderr = client.exec_command("whoami /priv")
        output = stdout.read().decode()
        print(output)
    except paramiko.SSHException as e:
        print(f"SSH connection error: {e}")
    
    finally:
        client.close()
ssh_command(HOST, PORT, USER, PASSWORD, 'id')

This will result in the following output:

DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) successful!
execute id
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:[chan 0] Max packet out: 16384 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
99
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
95
paramiko.Message(b'\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00S00160: Could not start program (id): The system cannot find the file specified.\r\n\r\n')
100
DEBUG:paramiko.transport:[chan 0] EOF sent (0)
SSH connection error: Channel closed.

In this execution trace I added print() in paramiko code to show the MSG type received by the server and the content of the message in case it is SSH_MSG_CHANNEL_EXTENDED_DATA.

However, from a quick look there doesn't seems to be a way to currently display the content of the error in such message, the only feedback to the user is that the channel was closed.

Furthermore, the second command "whoami /priv" will never be executed because paramiko will have closed the channel. I don't know if this is the expected behavior. This is something that would not happen in an interactive session with linux ssh client.

Would it be possible for paramiko to give more feedback to SSH_MSG_CHANNEL_EXTENDED_DATA and possibly handle them to allow execution of other command to proceed ?

Anything else?

No response